When configuring a Web application to use host-named sites, Web hosters typically use Basic authentication for the default zone. The index component of the search server, sometimes called the crawler, cannot crawl host-named Web sites that are deployed in the usual way for the following reasons:

The crawler cannot authenticate using Basic authentication.

Host-named sites do not enable the index component of the search server to authenticate by using another zone in the polling order.

The procedures included in this solution require the following types of administrators:

Domain Name System (DNS) administrator

Server administrator

Farm administrator

Other requirements include:

Two DNS servers: one Internet-facing DNS server, and one intranet-facing DNS server.

Two static IP addresses: one from the Internet-facing DNS server, and a different static IP address from the intranet-facing DNS server. These two IP addresses must be associated with the same site name.

This solution assumes the following:

A server administrator either configures separate network interface cards (NICs) on all front-end Web servers in the server farm with both static IP addresses or adds both static IP addresses to one NIC.

The search server that you will use for your Web application is running.

You do not have another Web application using port 80.

Note:

Although it is possible to implement this solution by using a different port (as long as both zones use the same port), port 80 is typically used so end-users do not see a port number in the URL of their host-named site.

This solution requires two DNS servers. Each DNS server maps the same host name to a different static IP address. This is typically referred to as a split DNS environment. The Internet-facing DNS server resolves the URL of the host-named site to the default zone of your Web application. This is the zone end-users use to access the site using Basic authentication. The intranet-facing DNS server resolves this same URL to an IP address that is mapped to the Intranet zone of your Web application. This is the zone that intranet users and the crawler use to access the site using NTLM authentication.

This mapping is possible because when a new zone is created by extending the Web application, Windows SharePoint Services 3.0 creates an Internet Information Services (IIS) Web site for that zone. A server administrator can use IIS Manager to map a static IP address directly to an IIS Web site, which is associated with a particular zone of a particular Web application.

1. The farm administrator uses the Central Administration Web site to create a Web application on port 80 without a host header assigned to it.

2. The farm administrator configures the default zone of this Web application to use Basic authentication.

3. The farm administrator extends the Web application, specifies the host header name, and then specifies NTLM authentication on the intranet zone.

4. The DNS administrator maps the site name to the static IP addresses in DNS.

5. The server administrator uses IIS Manager to perform the following actions:

   - Map the static IP address from the Internet-facing DNS server to the IIS Web site that is associated with the default zone (that is, the zone that uses Basic authentication) of your Web application.

   - Map the static IP address from the intranet-facing DNS server to the IIS Web site associated with the Intranet zone (that is, the zone that uses NTLM authentication) of your Web application, and remove the IIS host header that was assigned to this site in step 3.

6. The server administrator creates a host header-based site collection by using the Stsadm command-line utility.

   Note:

   You must use the Stsadm command-line utility to specify the URL that you want for your host header-based site collection.

7. The farm administrator can grant permissions to the Web application and the site collection administrator can grant permissions to the site collection.

On the Create or Extend Web Application page, in the Adding a SharePoint Web Application section, click Create a new Web application.

On the Create New Web Application page, in the IIS Web Site section, configure the following settings for your new Web application.

Accept the default setting, Create a new IIS web site, and then type a name for the Web site in the Description box.

In the Port box, type 80.

Ensure that the Host Header box is blank.

In the Application Pool section, select Use existing application pool, or accept the default setting, Create new application pool. If you are creating a new application pool, specify the security account to use for the new application pool.

In the Search Server section, select the search server that you want to use to index this Web application from the Select Windows SharePoint Services search server list.

Click OK.

Perform the following procedure on all front-end Web servers in the server farm.

Restart IIS

1. Click Start and then click Run.

2. In the Run dialog box, in the Open box, type cmd, and then click OK.

3. At the command prompt, type the following command, and then press ENTER:

   iisreset /noforce

4. Close the command prompt window.

Perform the following procedure to configure the Web application to use Basic authentication.

Configure the default zone to use Basic authentication

1. On the Central Administration home page, click Application Management.

2. On the Application Management page, in the Application Security section, click Authentication providers.

3. On the Authentication Providers page, in the Zone column, click Default.

4. In the IIS Authentication Settings section, select Basic authentication (password is sent in clear text).

Host-named sites enable farm administrators to choose the name they want to use in the URL for their sites. Note that the name (that is, the URL) must be a unique name on the domain. The administrator for the Internet-facing DNS server must map the site name chosen by the farm administrator to the appropriate static IP address. In a later step, the server administrator maps this static IP address to the IIS Web site that is configured to use the default zone used by the Web application.

Likewise, the administrator for the intranet-facing DNS server must map this same site name to a different static IP address. In a later step, the server administrator will map this static IP address to the IIS Web site that is configured to use the Intranet zone used by the Web application. Additionally, this DNS administrator must also map the host header name that the farm administrator used when extending the Web application to this static IP address. Even though this host name is removed in a later procedure, this host name is used by the crawler to access the Web application on the Intranet zone.

The following procedure must be performed by a server administrator on each front-end Web server in the server farm.

Map the static IP addresses to the Web sites

1. Click Start, point to All Programs, point to Administrative Tools, and then click Internet Information Services (IIS) Manager.

2. In the console tree, expand the local computer node, expand Web Sites, right-click the Web site you configured for Basic authentication, and then click Properties.

3. In the Properties dialog box, on the Web Site tab, in the Web site identification section, in the IP address list, select the IP address that you want to map to the customer-facing Web site.

4. Click OK to close the Properties dialog box.

5. In the console tree, right-click the Web site you configured for NTLM authentication, and then click Properties.

6. In the Properties dialog box, on the Web Site tab, in the Web site identification section, click Advanced.

7. In the Advanced Web Site Identification dialog box, in the Multiple identities for this Web site section, select the row containing the host header name you configured for the Web site that is using NTLM authentication, and then click Edit.

8. In the Add/Edit Web Site Identification dialog box, select the IP address that you want to map to the Web site that is using NTLM authentication from the IP address list.

9. In the Host Header value box, make a note of the host header name. This is the host header name you assigned to the site that you configured for NTLM authentication. You will need to use this name in the next procedure.

10. In the Host Header value box, delete the host header name, and then click OK.

11. Click OK to close the Advanced Web Site Identification dialog box.

12. Click OK to close the Properties dialog box.

13. Close IIS Manager.
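
A check that can follow the IIS mapping above, as an added example that is not part of the original article: it sends an anonymous request to each zone's static IP address with the site's Host header, then confirms that the default zone challenges with Basic and the Intranet zone with NTLM. The IP addresses, the host name sites.example.com, and all function names are assumptions made for the illustration.

```python
import http.client

def offered_schemes(header_values):
    """Scheme names from WWW-Authenticate values (assumes one challenge per header line)."""
    return {v.split(None, 1)[0].lower() for v in header_values if v.strip()}

def probe_zone(ip, host, port=80, timeout=5):
    """Anonymous GET to one zone's IP with the site's Host header, so the answer
    does not depend on which DNS view the workstation uses. Returns (ip, status, schemes)."""
    conn = http.client.HTTPConnection(ip, port, timeout=timeout)
    try:
        conn.request("GET", "/", headers={"Host": host})
        resp = conn.getresponse()
        resp.read()
        values = resp.headers.get_all("WWW-Authenticate") or []
        return ip, resp.status, offered_schemes(values)
    finally:
        conn.close()

def audit(zones):
    """zones maps 'default' and 'intranet' to (ip, status, schemes); returns a list of findings."""
    findings = []
    if zones["default"][0] == zones["intranet"][0]:
        findings.append("both zones answer on the same IP address")
    for name, (ip, status, _schemes) in zones.items():
        if status != 401:
            findings.append(f"{name} zone ({ip}): expected a 401 challenge, got {status}")
    if "basic" not in zones["default"][2]:
        findings.append("default zone does not offer Basic")
    if "ntlm" not in zones["intranet"][2]:
        findings.append("intranet zone does not offer NTLM, so the crawler cannot authenticate")
    return findings

# Constructed sample data (documentation-range addresses, hypothetical host name).
SAMPLE_OK = {
    "default": ("203.0.113.10", 401, offered_schemes(['Basic realm="sites.example.com"'])),
    "intranet": ("192.0.2.10", 401, offered_schemes(["NTLM"])),
}
SAMPLE_BAD = {  # intranet DNS record points at the Basic-only site
    "default": ("203.0.113.10", 401, offered_schemes(['Basic realm="sites.example.com"'])),
    "intranet": ("203.0.113.10", 401, offered_schemes(['Basic realm="sites.example.com"'])),
}

if __name__ == "__main__":
    for label, sample in (("ok", SAMPLE_OK), ("bad", SAMPLE_BAD)):
        print(label, audit(sample) or "no findings")
```

To run it against a farm, call probe_zone once per static IP address from a machine that can reach both, and pass the two results to audit.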

Use the following procedure to create a site collection for your Web application. You must be a server administrator to perform the following steps.

The following table describes the variables used in step 4 of the previous procedure.

| Variable | Description |
| --- | --- |
| HostNamedSiteAddress | URL chosen by the farm administrator for users to access the top-level site of the site collection. The DNS administrator maps this name to the IP address used to access the Default zone of your Web application. |
| DomainName\UserName | Primary owner of the host header-based site collection. |
| username@example.com | E-mail address of the site collection owner. |
| WebApplicationUrl | URL of the default zone of the Web application. You can find this URL on the Web Application List page in Central Administration. |

Before users can access the sites on the Web application you have created, you must grant those users the appropriate permissions to your sites. If you want to manage security at the Web application level, a farm administrator can create a policy to grant permissions to the Web application. Alternatively, if you want to manage permissions at the site collection level and at lower levels, site collection administrators can add users to the appropriate SharePoint groups.